The Qubes OS, first announced in April 2010, is designed to allow users to partition their work into lightweight Xen VMs, AppVMs, to isolate different groups of applications from each other and therefore reduce the damage that any one compromised application can do. The GUI on Qubes then brings the applications together so they all seem to run locally. Qubes is built on top of the Xen bare metal hypervisor; it places networking code in an unprivileged VM with none on a privileged domain.

__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump